[Docker] Cloud native: using Docker for environment security and deployment security, the main manifestations of security issues, and the emergence of emerging technologies

Foreword

Docker is an open-source application container engine that lets developers package an application together with its dependencies into a portable container and then publish it to any popular Linux or Windows machine. It can also be used to provide virtualization. Containers rely entirely on a sandbox mechanism and have no interface to one another.


1. Secure your environment with Docker


Docker is very hot, and many people say it is rare to see the industry take such interest in an emerging technology. However, when that excitement turns into actual deployments, enterprises need to be mindful of Docker's security.
Anyone who knows Docker knows that it uses containers to isolate resources effectively. A container therefore has almost the same level of security operation management and configuration management as the Linux OS and the hypervisor. But when it comes to secure operations and management backed by the usual controls for confidentiality, integrity and availability, Docker can disappoint.
When containers run on local systems, an enterprise can ensure security through its own security rules. Once the container is running in the cloud, the picture is not so simple.
Security becomes more complicated when Docker runs on a cloud provider's platform: one needs to know what the cloud provider is doing, and the user may be sharing a machine with someone else.
Although containers have no built-in security factors, and it is difficult for an emerging technology like Docker to have comprehensive security measures, this does not mean they will not appear in the future.

2. Emerging technologies

Emerging technologies are the source of power for technological updates and innovation. They require not only "newness" in time or space, but also "rise" and "development". Identifying, tracking, forecasting and managing emerging technologies has received a lot of attention since the publication in 2000 of the landmark book Wharton on Managing Emerging Technologies by the Wharton School of the University of Pennsylvania.

2.1 Definition

Emerging technologies are relatively fast-growing, fundamentally innovative technologies produced in the process of knowledge production, which have the potential to affect future economic and social development.

2.2 Features

The essential characteristics of emerging technologies are fundamental innovation, relative growth, influence and uncertainty.
Fundamental innovation: when the core technology in a field changes fundamentally, the technical way of thinking changes, and the process of technological innovation can lead to the rise of research in that field.
Relative growth: a function-fitting method is used to obtain the growth curve of the number of documents and to determine the size of the relative growth.
Influence: emerging technologies affect industry, society or the economy through localization and combination. Because of the lack of data and the confidentiality surrounding the early stages of a technology's development, the impact of an emerging technology is not easy to measure, but it can be represented by the technology's popularity in news, technology reviews, social networks and technology roadmaps.
Uncertainty: reflected in the uncertainty of the output and the uncertainty of the field of use. In physics, Shannon information entropy is used to measure the degree of irregularity in how an object changes, and it can serve as a reference indicator for measuring uncertainty.
Other characteristics are non-essential characteristics tied to particular identification methods. For example, creative destruction comes from discontinuous fundamental innovation, while high cost and country correlation are external characteristics of emerging technologies. Agglomeration is essentially the impact of emerging technologies on social networks.


3. Deployment Security

Some experts locate the essence of Docker's security issues in configuration security, arguing that Docker's problem is that it is hard to configure a secure container. While Docker's developers reduce the attack surface by creating very small containers, the problem is that the staff running Docker containers in production inside large enterprises need more visibility and control.
Experts believe that roughly 90% of external network attacks are not highly sophisticated; attackers mostly exploit weaknesses in administrator behaviour, such as misconfiguration or patches not being installed in time.
Therefore, when an enterprise deploys thousands or tens of thousands of containers, it is crucial to ensure that these containers are configured in compliance with the enterprise's security policies.
To solve this problem, real-time visibility into Docker container deployments must be increased while enterprise-defined security policies are enforced.
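One way to get the visibility and policy enforcement described above is to run the output of `docker inspect` through a set of policy rules. The following is an added example, not code from the original article: the inspect field names are real Docker keys, but the two container records and the policy rules are constructed for illustration.

```python
import json

# Constructed sample: a trimmed subset of what `docker inspect` returns for two containers.
# Field names are real Docker inspect keys; the values are invented for this example.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/web-frontend",
        "Config": {"User": "", "Image": "registry.example.internal/web:latest"},
        "HostConfig": {
            "Privileged": True,
            "CapAdd": ["SYS_ADMIN"],
            "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
            "ReadonlyRootfs": False,
        },
    },
    {
        "Name": "/api",
        "Config": {"User": "10001:10001",
                   "Image": "registry.example.internal/api@sha256:PLACEHOLDER_DIGEST"},
        "HostConfig": {"Privileged": False, "CapAdd": None, "Binds": [], "ReadonlyRootfs": True},
    },
])


def _runs_as_non_root(container: dict) -> bool:
    # An empty User means the image default, which is root unless the image says otherwise.
    user = container["Config"].get("User") or "root"
    return user.split(":")[0] not in ("root", "0")


# Hypothetical enterprise policy: rule id -> predicate that returns True when the container complies.
POLICY = {
    "no-privileged": lambda c: not c["HostConfig"].get("Privileged", False),
    "no-root-user": _runs_as_non_root,
    "no-docker-socket-mount": lambda c: not any(
        b.startswith("/var/run/docker.sock:") for b in c["HostConfig"].get("Binds") or []),
    "no-dangerous-caps": lambda c: not ({"SYS_ADMIN", "ALL"} & set(c["HostConfig"].get("CapAdd") or [])),
    "pinned-image-digest": lambda c: "@sha256:" in c["Config"].get("Image", ""),
    "readonly-rootfs": lambda c: c["HostConfig"].get("ReadonlyRootfs", False),
}


def check_containers(inspect_json: str) -> dict:
    """Return {container name: [ids of violated rules]} for every container in the inspect output."""
    findings = {}
    for container in json.loads(inspect_json):
        violated = [rule for rule, complies in POLICY.items() if not complies(container)]
        findings[container["Name"].lstrip("/")] = violated
    return findings


if __name__ == "__main__":
    for name, violations in check_containers(SAMPLE_INSPECT).items():
        print(f"{name}: {'OK' if not violations else 'VIOLATIONS: ' + ', '.join(violations)}")
```

In a real deployment the JSON would come from `docker inspect $(docker ps -q)` on each host, and the findings would be shipped to a central dashboard rather than printed.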

4. Where security problems mainly manifest


4.1 Information Security Issues

Information security issues refer to information leakage, loss, tampering, falsification, delay, incompleteness and so on, arising from various causes, and the risks that result. They manifest concretely as: theft of trade secrets, leakage of trade secrets, tampering with transaction information, undermining the authenticity and integrity of information, receiving or sending false information, sabotaging transactions, stealing transaction results, forging transaction information, illegally deleting transaction information, loss of transaction information, destruction of information by viruses, hacker intrusion, and so on.
If information is illegally stolen or leaked, it may have serious consequences and cause huge economic losses for the enterprises and individuals concerned. If accurate and complete information cannot be obtained in time, enterprises and individuals cannot analyse and judge transactions correctly or make rational decisions. Illegal deletion or loss of transaction information may also lead to economic disputes, causing losses to one or more parties to the transaction.

4.2 Transaction security issues

Transaction security issues refer to the various insecure factors in the e-commerce transaction process, including security issues in confirming the transaction, providing the products and services, the quality of those products and services, and the payment. Unlike traditional forms of business transaction, e-commerce has its own characteristics: an unbounded market, virtual subjects, networked transactions, electronic currency, instant settlement and so on. This gives e-commerce transaction risk new characteristics and new forms, and magnifies it.
There are many e-commerce transaction security problems in practice today. For example: the seller takes advantage of its initiative in publishing information to release false information that deceives buyers; the seller exploits the uncertainty of participants' identities and the ease of entering and leaving the market to break its service commitments, collecting fees while providing no service or less service than promised. Of course, the opposite also happens: the buyer takes advantage of the seller's honesty to obtain products and services, then evades performance of the contract through anonymity, changing names, or withdrawing from the market; or, after swapping a fake for the genuine article, finds some reason to return the goods to the seller.

4.3 Property safety issues

Property security issues refer to the risks to property and other economic interests that e-commerce participants face for various reasons. Property security is often the final form that e-commerce security issues take, and it is the consequence of information security and transaction security issues. Property security problems manifest mainly as property losses and other economic losses. Direct property loss includes the theft of a customer's bank funds, or a trader's identity being impersonated and their property stolen. Other economic losses include damage to an enterprise's reputation because of information leakage or loss, and the efficiency of an enterprise's e-commerce system being reduced, or the system being paralysed, by network attacks or failures.

5. Docker Security Center


Among the new features is a hardware component that works across any infrastructure and allows digitally coded signing during development and subsequent upgrades. It is built on top of the Docker Trust framework for image publisher authentication, together with new image scanning and official vulnerability detection, to give a better understanding of what is inside a container.
Namespaces are another Docker security update released this week. They allow IT departments to assign permissions to containers based on user groups, constrain root access to the host, and let system administrators restrict group access to specific services.
Image scanning is available on Docker Hub for all official builds, while namespaces and hardware signing are available in Docker's experimental channel.
Security remains the biggest issue to be addressed for container adoption, especially when large numbers of containers are portable, said IDC research manager Larry Carvalho. Solving this problem in hardware is sensible, since hardware is harder to tamper with and provides efficiencies for the large number of containers that may be used in the future.
Carvalho said: "Another problem they should also address is capacity. You cannot do a lot of security at the software level, because it carries a lot of overhead."
That is the end of the article. Everyone is welcome to read it.


Origin blog.csdn.net/2202_75623950/article/details/132542094